Security Bulletin: IBM MQ Appliance is vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM MQ Appliance has resolved an HTTP header injection vulnerability. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header...

Security Bulletin: IBM MQ Appliance is vulnerable to identity spoofing (CVE-2022-22476)

Summary IBM MQ Appliance has resolved an identity spoofing vulnerability. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially...

Security Bulletin: IBM MQ is vulnerable to multiple issues within IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)

Summary Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, version 7 that is packaged with IBM MQ 8.0 and version 8 that is packaged with IBM MQ 9.0, 9.1 and 9.2. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE...

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8

Summary Multiple vulnerabilities were found with IBM® Runtime Environment Java™ Technology Edition, Version 8 which is shipped with IBM MQ and used for Java & JMS client, AMQP, MQTT, MFT & MQIPT functionality. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in...

Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2022-0778)

Summary IBM MQ Appliance has resolved an OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted certificate with invalid explici...

Oracle Database Server Multiple Vulnerabilities (Oct 2006)

Oracle database is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:databaseserver";...

CVE-2006-5342

CVE-2006-5342 pertains to an unspecified vulnerability in Oracle Spatial within Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3. The impact is unknown and it involves remote authenticated access vectors tied to mdsys.sdo_tune; there are reports suggesting the issue could be related to SQL injectio...

CVE-2006-3700

Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln 1 DB04 for Web Distributed Authoring and Versioning DAV and 2 DB23 for XMLDB...

Design/Logic Flaw

Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln DB21...